June 2008 Archives

The messages in the Cabinet Office, HMRC, IPCC and MoD reports and recommendations released on 25th June will keep security experts occupied years. But the responses to the recommendations of recent Parliamentary reports and its own Independent Reviewer, raise far wider questions.

I have just received my paper copy of Computer Weekly and see that the "My Take" column which I contributed has been juxtaposed with an "expert comment" from Mike Gillespie. He appears to call for a holistic approach to security while dismissing the Information Security Awareness Forum which has brought together over twenty professional bodies and trade associations to take a rather more holistic approach than he is advocating. So too does the slew of government reports released yesterday - see my blog of yesterday.

The Cabinet Office Final report on Data Handling Procedures across government, the Written Ministerial Statement, the Independent Review of Government Information Assurance and the "Cross Government Actions: Mandatory Minumum Measures" are all now available on ...

Recent repots of laptops lost by doctors stolen from hospitals appear to indicate that medical records on personal computers are less secure today than when the NCC Microsystems Centre tested six systems under contract from the DTI over 20 year years ago. Why?

This week the Economist publishes an excellent article describing the ambivalent attitude of the British Public towards Civil Liberties and the Surveillance Society. It could be, but is not, summarised as: "We want to be looked after but do not trust the systems".

The supposed attack by the CBI on the new vocational diplomas is at variance to feedback from employers on the new ICT Vocational Diploma, said to be much more rigorous, relevant and, perhaps more important, intellectually interesting and challenging, than the current A levels it could replace - if it proves successfull in practice.

On May 15th I promised to blog again on the conclusions from the session I chaired at the European Commission workshop in Bled on social inclusion, ethics, the "forced" use of e-government services and "digital citizens rights". These have no official status, they but an extract from my report back to a plenary but ...

This time its yet another paper file left on a train. Do read the report of the Home Affairs Select Committee in full. Then re-read it, remembering that the largest single death toll from a data leakage was when a Columbian Drug cartel analysed the billing records of the local telephone company to identify the location of the Drug Enforcement Agency Safe Houses from the calls from the US embassy. They then slaughtered everyone in them, including most of the DEA team.

"Banks slip through virus loophole" was the headline for an article by Danny Bradbury in the Guardian last week. This began: "Is my money safe? A quiet rule change allows British banks to refuse to compensate the victims of online fraud if they do not have "up-to-date antivirus and spyware and a personal firewall"

Lloyds TSB recently announced that the move of two thirds of their ICT staff to India was not to save money. The UK throughput of ICT graduates has halved over past five years, is now below that in 1996 and is about to fall further. IR 35 led to the exodus of many of the most able and ambitious independent consultants. Today we see mounting pressures to address our increasing skills shortages (quality even more than quantity) by allowing in more immigrants.

This morning the first of a season of reports on surveillance and information assurance was published. The House of Commons Home Affairs Select Committee report was released to the Sunday Papers at one minute past midnight. The Commons Press Gallery get their copies at 09.00 Monday morning. Meanwhile the Cabinet Office report and recommendations on Information Assurance have been circulating, unpublished for nearly two months.